
Machine-initiated payments will unlock new opportunities for payment credentials

Pooja Shah
Head of Product, Rain

It’s rare for a change in consumer payments to justify rebuilding the foundation, but few innovations have been quite as disruptive as agentic commerce. 

For nearly sixty years, the card payment credential, the primary account number (PAN), has been a static, reusable identifier riding on rails designed for human-initiated transactions. The 16-digit account number was introduced in the 1960s as a way to extend a line of credit to a specific person at a specific bank. In the world Visa designed it for, with paper slips, carbon copies, and in-person purchases at the point of sale, the design made sense. More than 60 years later, though, nearly every payment protocol still assumes the same factors in each transaction: a credential tying an account to a cardholder, a merchant, and a moment of human consent at the point of sale.

Commerce itself has changed dramatically since the 1960s. The rise of e-commerce stripped away the physical signals — a card in hand, a signature, a clerk — that the original model relied on, and the industry had to invent new ones to keep the system running. CVV2 and address verification were grafted on to stand in for physical presence. PCI-DSS set rules for how merchants could store the PAN. 

EMV 3-D Secure, introduced in 2001 and refreshed as 3DS 2 in 2016, layered cryptographic authentication on top of that flow. Network tokenization, which Visa launched in 2014 and which was standardized across the industry in the following years, replaced the PAN at point of use so the real account number never traveled with the transaction. Each of these was a real upgrade, and together they made online commerce workable at scale. But each was a layer wrapped around the same credential. A human still types or pastes the same 16-digit number into a checkout field, and the system still treats that act as proof of intent. E-commerce demanded changes around the credential, not to it. That work is still ahead.

When agents are the buyer, the credential has to carry more than account identity. At Rain today, this happens at issuance. Agents transact using scoped virtual cards that are customized to work at approved merchants under specific conditions. Consumers and businesses directing agents to buy on their behalf go through the same KYC and KYB procedures their cards have always required. This model operates within the rails merchants already accept, which matters because agent purchases need to land in the same checkout flows human purchases do, certainly in the near term, and likely in the future, too.

Cards, however, were not designed for what comes after this. The next wave of agentic commerce is not agents using cards to check out at the same merchants as humans, but machine-to-machine payments, where the buyer is software, the seller is software, and consent must travel inside the credential itself rather than sit at the moment of issuance. A credential whose only job is to identify an account cannot express what an agent is allowed to do, only that an account exists.

The design space for what comes next is wide open, but we see a few things as non-negotiable. An agentic payment credential needs to clearly identify the funding source behind the transaction, so issuers, merchants, and networks know who is ultimately on the hook. It needs to carry the human-approved constraints under which the agent is authorized to spend: which merchant, what amount, for how long, on whose behalf, under what conditions, and by what means it can be revoked. And it needs to be auditable, both for the human who delegated spend authority and for the broader set of parties — issuers, networks, regulators — responsible for consumer protection. These properties are what turn an account identifier into a record of consent.

The implications of this extend beyond the technical layer. Moving consent into the credential changes what an authorization request actually verifies, what a merchant can directly confirm about who authorized the transaction, and how disputes are resolved when the buyer is not human. This model will support microtransactions and programmatic commerce between services that current rails cannot economically serve, and allow for consumer protections that operate through constraint rather than detection. The scope of what an agent can do will be defined in advance, not inferred from behavior after the fact.

Most of the changes to consumer payments over the past two decades have been refinements within the same model. The shift that agentic commerce requires is structural; the credential has to account for who, or what, is actually transacting.
